Tag Archives: Threat modeling in the Garden of Eden

If you were not at the Microsoft Technology Center during the lunch hours of February 10, 2012, you missed the opportunity to see God in action amongst many IT and information security professionals that shared and discussed Information Security and Jesus Christ, in whom ultimate security is found.

The first educational HackFormers meetings was successfully held on February 10, 2012 at the Microsoft Technology Center from 11:30 – 1:00 p.m. It began with a round of introductions and some hot pizza for lunch, following which Mano ‘dash4rk’ Paul, gave an overview of the HackFormers organization by introducing its mission (which is to Teach Security, Teach Christ; Teach Security In Christ) and its mode of operation. Finally Mano suggested that people could get involved in the organization’s core mission, by praying for and participating by giving their time, tithes (sponsorships) and talents.

Then Mano presented the topic that was planned for that day, which was “Threat Modeling in the Garden of Eden” The presentation was broken down into three main components, the first being Teach Security where Mano covered the ABCs of Threat Modeling, the second was to Teach Christ which drew a parallel to Threat Modeling in the garden of Eden and finally a discussion.

A quick write up of the presentation is given below (for the benefit of those who missed the meeting).

About Mano ‘dash4rk’ Paul: When we have a lot of wealth, we are not ashamed to flaunt it. When we have Jesus Christ, a hidden treasure in us, there is no reason not to flaunt him and we ought to be proud to be called a Christian.

Mano started the first part of the presentation, which is to Teach Security (Threat Modeling)

Threat Modeling is a systematic and iterative must have process for any company today. It helps to identify and address applicable threats, but why must we threat model? We must threat model to address risk by applying appropriate and relevant controls.

Threat Modeling is often thought of, as a very complex activity, but at the most basic level it is about three things – A (Assets), B (Boundaries) and C (Controls).

Identify the various types of Assets

Once assets are identified, appropriate trust levels are identified and the boundaries where the assets would be acted upon are identified. It is important to recognize that threat agents are both on the outside as well as the inside.

Once the boundaries are identified, we move on to identify controls. But before one identifies controls, one needs to first identify applicable threats. Threat identification can be achieved using an attack tree technique or by using a threat framework.

There are several threat frameworks such as the NSA IAM, Microsoft’s STRIDE, etc. Mano used the Microsoft STRIDE Threat framework as an example to introduce different kinds of threats that may be applicable.

Controls for each identified (applicable) threat and the importance of incorporating the appropriate levels of controls to mitigate risk was highlighted.

Mano then moved on to the second part of the presentation, which is to Teach Christ (in the garden of Eden).

The Asset IS MANMan is not only God’s most PRECIOUS asset, but Man is God’s PRIME asset as well.
Contrary to what evolutionist would claim that Man is the ex-Ape of Evolution, Man is intact the Apex of God’s creation.

The Boundary IS THE GARDEN of EDEN where God’s most precious and prime asset was placed. In the garden was also placed two trees; the tree of the knowledge of good and evil and the tree of life. It is important to recognize that while the devil is the major threat agent that externally influences us (like a roaring lion seeking whom he may devour), the internal threat agent is our own selfish desires and lusts. The devil influenced Eve (external) and Eve desired (internal) for the forbidden fruit seemed pleasing to her eyes.

The THREATS in the garden of Eden

The IMPACT of Man’s disobedience was Man was asked to get out of the garden of Eden and he/she was denied access (Denial of Service) to the Tree of Life.

The CONTROL (the only needed control) is Jesus Christ, God’s only begotten Son, who came to earth and was crucified, removing the curse and restoring access to the Tree of Life and for everyone who believes in Him, there is no more boundary that separates him/her from God. This is the Gift of God to man.

Active participation ensued as the following points were discussed.

Inconclusion

Our prayer is that God who began the good work in us (as evident from the first meeting) will see it through to completion, until He returns to reign.

We are interested in your feedback and so please comment or email us your feedback and join us for the next meeting on March 09 where Michael Howard, the principal cybersecurity program manager from Microsoft will be presenting.

The first HackFormers educational meeting will be held on February 10, 2012.

Meeting details are given below.Speaker: Mano ‘dash4rk’ Paul – Author, The Official (ISC)2 Guide to the CSSLP; (ISC)2 Software Assurance Advisor; Shark Researcher and Biologist, CEO, SecuRisk Solutions and Express Certifications.Topic: Threat Modeling in the Garden of EdenAbstract: Threat modeling is one of the most discussed topics in information security today. However, this is not something new. In this talk, Mano will introduce the various components of threat modeling, and draw parallels to how this activity, if it had been done in the garden of Eden could have changed the world as we know it …Date: February 10th, 2012Time: 12:00 – 1:00 p.m. with introductions beginning at 11:30 a.m.Venue: Microsoft Technology Center at Quarry Oaks 2.Address:10900 Stonelake Blvd. Suite 225. Austin, TX 78759

Lunch will be provided at no cost to attendees. Just show up!
Seating is limited!